Round-Optimal Password-Based Authenticated Key Exchange

We show a general framework for constructing password-based authenticated key exchange protocols with optimal round complexity (one message per party, sent simultaneously) in the standard model, assuming a common reference string. When our framework is instantiated using bilinear-map cryptosystems, the resulting protocol is also (reasonably) efficient. Somewhat surprisingly, our framework can be adapted to give protocols in the standard model that are universally composable while still using only one (simultaneous) round.
